Planning on moving my forums to SSL but there are considerations

[dawg]

My concerns and maybe some of you seasoned SSL folks can help me out.

1. I have been serving my site with the "WWW" for 4 years, will moving my domain to just https://domain.com affect me? If so how? I dont want a wild card if i can avoid it but see #3

2. I sell ad space and the code is provided by the company that sells it for me but they donot have SSL to serve those ads as far as I am aware.

3. I use MAxCDN, how would that work? I looked in the control panel there and cants make heads nor tails out of it. Thanks.

 

[rdn]

2. I sell ad space and the code is provided by the company that sells it for me but they donot have SSL to serve those ads as far as I am aware.

Then this is is the #1 blocker for you.

3. I use MAxCDN, how would that work? I looked in the control panel there and cants make heads nor tails out of it. Thanks.

Will cost you hundred of dollar just for SSL+MAXCDN.

Some of CDN provider offer SSL option for Free

Like CDNify and KeyCDN.

 

[dethfire]

I talked to MaxCDN about SSL support. They have an SSL checkbox that you need to click. You don't need to buy anything special from them.

 

[Mouth]

I talked to MaxCDN about SSL support. They have an SSL checkbox that you need to click. You don't need to buy anything special from them.

But you will need to update your CDN url within XF config.php

 

[Mouth]

2. I sell ad space and the code is provided by the company that sells it for me but they donot have SSL to serve those ads as far as I am aware.

Who? Until they support SSL for their ad-serving then you cannot convert your site to ssl without causing your users to get browser errors. Or find another ad provider.

 

[Erik P.]

Don't move your site off the www cname or you'll need to buy a wildcard SSL certificate which you don't need. Adding SSL will allow you to add SPDY support as well.

 

[Mouth]

Don't move your site off the www cname or you'll need to buy a wildcard SSL certificate which you don't need.

All www.mydomain.com SSL certs should also work with mydomain.com (but vice versa is not applicable.)

 

[Erik P.]

@Mouth you are incorrect, sorry. common SSL certs are issued for a FQDN hostname, FQ being the key. The user will get a warning if the hostname being accessed is different than the one in the certificate. www.mydomain.com is different than mydomain.com is different than com. The only way you'll get a cert for mydomain.com is if it's is wildcard.

 

[Mouth]

@Mouth you are incorrect, sorry.

Best you go tell RapidSSL then, since you know better. They've done this for over 4 years now.
Visit https://netrider.net.au and take a look at the certificate, which is base single domain cert issued to www.netrider.net.au Works fine, with no error or issue from browser.

 

[FredC]

Comodo certificate ordered for domain.com is issued, signed and works both for domain.com and www.domain.com. And vice versa: if you order a certificate for www.domain.com, it will be issued for both www.domain.com. and domain.com.

If Geotrust certificate is ordered for www.domain.com, the domain.com will also be covered. However, if you order it for domain.com, then you can not have it for www.domain.com.

 

[rdn]

Best you go tell RapidSSL then, since you know better. They've done this for over 4 years now.
Visit https://netrider.net.au and take a look at the certificate, which is base single domain cert issued to www.netrider.net.au Works fine, with no error or issue from browser.

@Erik P. is talking about your another set of sub domain that will be using for CDN like cdn.domain.com.
That will not be covered by your ssl provider unless you purchased wildcard.

 

[Mouth]

@Erik P. is talking about your another set of sub domain that will be using for CDN like cdn.domain.com.

No, he specifically said www.mydomain.com SSL cert doesn't work for mydomain.com
He's either confused/uninformed, or purposefully obsfucating (I'm sure the former). It needed picking-up and clarifying so anyone else reading this thread doesn't become mis-informed too.

Yes, cdn.mydomain.com or fred.mydomain.com doesn't work for mydomain.com without a wildcard cert, but that is not what the OP was talking about.

 

[dawg]

No, he specifically said www.mydomain.com SSL cert doesn't work for mydomain.com
He's either confused/uninformed, or purposefully obsfucating (I'm sure the former). It needed picking-up and clarifying so anyone else reading this thread doesn't become mis-informed too.

Yes, cdn.mydomain.com or fred.mydomain.com doesn't work for mydomain.com without a wildcard cert, but that is not what the OP was talking about.

What am i misinformed about? I asked what would dropping the WWW do to me in terms of search engine, logins etc... Because you need a wild card cert for the WWW. I didnt want to spend that much on a cert, although i have decided when i get the ads sorted that i aill go with wild card.

I wont argue this further but do this correctly you need wild card for WWW.

https://support.godaddy.com/help/article/567/what-is-a-wildcard-ssl-certificate

https://www.namecheap.com/security/ssl-certificates/domain-validation.aspx

 

[dawg]

Best you go tell RapidSSL then, since you know better. They've done this for over 4 years now.
Visit https://netrider.net.au and take a look at the certificate, which is base single domain cert issued to www.netrider.net.au Works fine, with no error or issue from browser.

Your SSL is broken.

 

[Ridemonkey]

Your SSL is broken.

View attachment 84405

Not really, you have to look closer. His certificate is fine, which is what you're arguing about. His site happens to be serving both secure and insecure content, but the actual certificate is verified.

 

[dawg]

Not really, you have to look closer. His certificate is fine, which is what you're arguing about. His site happens to be serving both secure and insecure content, but the actual certificate is verified.

I understand but why bother with SSL if you have those issues? It has to be done right for me or not at all, thats just the way i am.

I just looked at all the major forums the big ones, none of them have SSL. I think i will put this idea on the back burner for now. To much of a pain.

 

[Ridemonkey]

Incidentally... note the address of the website and the Issued To address.

 

[Ridemonkey]

I understand but why bother with SSL if you have those issues? It has to be done right for me or not at all, thats just the way i am.

Maybe, but his configuration doesn't really have anything to do with how you configure yours.

In any event, I think the above screenshots are pretty conclusive that you do not need a wildcard cert to support the www subdomain. If the certificate were a wildcard cert it would have been issued against *.netrider.net.au.

 

[dawg]

Maybe, but his configuration doesn't really have anything to do with how you configure yours.

In any event, I think the above screenshots are pretty conclusive that you do not need a wildcard cert to support the www subdomain. If the certificate were a wildcard cert it would have been issued against *.netrider.net.au.

It has everything to do it with it. You are arguing a point and you use a bad example as your argument. The people here that have SSL setup correctly do not have those issues.

 

[Ridemonkey]

It has everything to do it with it. You are arguing a point and you use a bad example as your argument. The people here that have SSL setup correctly do not have those issues.

I am supporting a point made earlier that this:

...you need a wild card cert for the WWW...
...I wont argue this further but do this correctly you need wild card for WWW...

Is clearly not universally true, since there is an obvious and clearly demonstrated example of using a non-wildcard cert, issued to www.domain.com but supporting domain.com, by a respectable and widely used certificate authority.

His choice to serve insecure ads or other insecure content through his secure website has nothing whatsoever to do with that point.